Thanks for your answer, Bob!

On Thu, 19 Jul 2012 21:28:52 -0600, Bob Proulx wrote:

>> Installed sid
>> $ sudo debootstrap sid /srv/chroot/sid/ http://ftp.ch.debian.org/debian/
>
> I haven't submitted a bug yet but I always have problems with sysvinit
> postinst depending upon ischroot and ischroot getting it wrong and that
> leaving a broken /run - /var/run behind. You might hit that too.
>
> You should set up a usr/sbin/policy-rc.d script in your chroot.
> Something like this:
>
>   #!/bin/sh
>   exit 101
>
> That will prevent installations from starting daemons in the chroot. Or
> if there is a daemon that you wish to start in the chroot then you could
> use a script such as this:
>
>   #!/bin/sh
>   # /usr/sbin/policy-rc.d [options] <initscript ID> <actions> [<runlevel>]
>   # /usr/sbin/policy-rc.d [options] --list <initscript ID> [<runlevel> ...]
>   # See /usr/share/doc/sysv-rc/README.policy-rc.d for documentation.
>   # Live example found in ps:
>   #   /bin/sh /usr/sbin/policy-rc.d x11-common stop unknown
>   while [ $# -gt 0 ]; do
>       case $1 in
>           --list) exit 101 ;;
>           --quiet) shift ;;
>           -*) shift ;;
>           cron) exit 0 ;;
>           nullmailer) exit 0 ;;
>           *) exit 101 ;;
>       esac
>   done
>   exit 101
>
> See /usr/share/doc/sysv-rc/README.policy-rc.d.gz for documentation.

The program I'd like to jail is a daemon, which means I should use the
longer script. Unfortunately I couldn't find anything about the
initscript ID in the policy-rc.d documentation. Can I just copy/paste
the script in my case to /srv/chroot/sid/usr/sbin/policy-rc.d and make
it executable?

I found this:
"There is a provision for a "local initscript policy layer" (...), which
allows the local system administrator to control the behaviour of
invoke-rc.d for every initscript id and action"
http://people.debian.org/~hmh/invokerc.d-policyrc.d-specification.txt

So this script controls the way and order the daemons are started?

Is it correct that without it I wouldn't be able to start the daemon
from outside the chroot because of this:
"Can I run a dæmons in a chroot? (...) Unfortunately, this means schroot
detects that the program exited (the dæmon is a orphaned grandchild of
this process) and it then ends the session. (...)"
http://manpages.ubuntu.com/manpages/natty/man7/schroot-faq.7.html

>> Entered the chroot with $ sudo schroot -p -c sid
>>
>> Installed locales and reconfigured them. I also installed vim.
>
> Seems reasonable so far. Some packages will require /proc. Some will
> also require /dev. Some will require other things.

Oh, yes, I read about that but I forgot to update my /etc/fstab and
mount the directories. Should I also remount /sys?
Or is there a better way to do this? I mean, can schroot handle it
directly so that when I create a new jail or copy one, the directories
are remounted there as well?

>> I noticed that auto-completion isn't working.
>> What packages should I install? Is auto-complete-el sufficient or is
>> there a meta package for some base system packages?
>
> apt-get install bash-completion
>
>> In the chroot I have created a new user called hoferr and am now able
>> to login without root privileges.
>> But in there sudo is missing. Maybe this can be resolved by installing
>> the correct base system meta package mentioned above?
>
> apt-get install sudo

Thanks! Btw I had to set the password for my user inside the chroot to
be able to use sudo.

>> Aside from some missing packages everything looks promising.
>
> The premise of debootstrap is that it installs a very small system. If
> you want something installed you are going to need to install it
> yourself.
>
> Perhaps you should consider using 'tasksel' to install a standard task
> set of packages. That would pull in a lot. I prefer the small system
> and only install what I need to install. But if you don't like that
> then you may always install a larger set all at once.

Aha, the base system option of the Debian installer uses tasksel.
I think I'll try with the minimal installation as well and when I run
into serious problems I might install the rest with tasksel. It makes
sense not to install too much because I won't work in the chroot. So
probably even sudo and bash-completion are too much...

Btw in the jail I also did `dpkg-reconfigure tzdata` to set the time
zone (it was set to "Etc"). But I don't know if that makes any
difference...

>> To get back to my main reason of doing this: After stopping the "old"
>> sabnzbdplus can I just install the chroot sabnzbdplus with the "normal"
>> home partition mounted?
>
> Yes.

I could also just use /etc/schroot/default/copyfiles and put the config
directory .sabnzbd onto it. Like that I still have the configuration
file outside of the jail in my home dir and when I restart the daemon
the jail gets restarted as well and the config dir is copied again.

Btw when I think about it: schroot manages the copying of the files. So
when I create a new jail the files are copied in there as well. Is it
possible to have a separate copyfiles for my sid jail like
/etc/schroot/sid/copyfiles instead of /etc/schroot/default/copyfiles?
And the "global" configuration should be possible for the remounts as
well. There isn't any configuration for global remounts, is there?

>> It will probably start automatically when the chroot is started
>
> Wait! Hold it right there. What do you mean "when the chroot is
> started"? Unless you are doing something "magical" there isn't anything
> that "starts a chroot". I think right here there is a huge
> misunderstanding of chroots. If you want a particular daemon to start
> in the chroot then you will need to ensure that it is started.

I thought that starting a chroot is like starting a virtual machine. But
it's probably more like directly starting a program (in my case
sabnzbd+) for which schroot starts the jail?

> (...)
>
> I would use the same header as in the original script.

Unfortunately the init.d script for sabnzbd is quite complex and I don't
understand exactly what I have to change. Probably I can just change the
beginning, which is:

  DAEMON=/usr/bin/sabnzbdplus
  SETTINGS=/etc/default/sabnzbdplus

  ([ -x $DAEMON ] && [ -r $SETTINGS ]) || exit 0

  DESC="SABnzbd+ binary newsgrabber"
  DEFOPTS="--daemon"
  PYTHONEXEC="^$(sed -n '1s/^#\!\([a-z0-9\.\/]\+\)\(.*\)/\1(\2)?/p' $DAEMON)"
  PIDFILE=/var/run/sabnzbdplus.pid
  SETTINGS_LOADED=FALSE

Here's the whole script:
http://pastebin.com/raw.php?i=6PKD1JP5

Since /usr/bin/sabnzbdplus is a python script, python should probably
also be started in the jail.

> For example I run 'nullmailer' in the chroot. Therefore I create an
> initscript like this following. And I install it using update-rc.d.
> Copy it to /etc/init.d/chroot-nullmailer and then install it with:
>
>   update-rc.d chroot-nullmailer defaults
>
> In a chroot I usually run nullmailer and cron plus whatever else I
> wanted the chroot for, such as apache.

Your script is much more understandable to me. I have done it as
follows:

Inside the chroot I created usr/sbin/policy-rc.d with your longer script
from above and made it executable.
Outside the chroot I have stopped sabnzbd+
Remounted /proc, /dev, /etc/default/sabnzbdplus, /home/hoferr/.sabnzbd
and the download location.
(I couldn't use /etc/schroot/default/copyfiles because the directory
wasn't copied.)
Inside the chroot installed sabnzbd+ and was able to connect to its
web interface.
Outside chroot I created the sid-sabnzbd script
http://pastebin.com/raw.php?i=Lamy4K4a
Thanks for your example :-)
Updated-rc.d and removed sabnzbdplus.

Now I can `sudo /etc/init.d/sid-sabnzbdplus start / stop / ...` :-)

Thanks again for your help!

Best regards
Ramon
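
Added example, not part of the original message and not written by either poster: an allowlist form of the policy-rc.d script quoted above, showing that the initscript ID is the first non-option argument (the init script's name, as in the "x11-common stop unknown" invocation). The ALLOWED value, the function names and the sample invocations are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: allowlist policy for a chroot's /usr/sbin/policy-rc.d.
# ALLOWED is an assumption: init script names permitted inside the jail.
ALLOWED="sabnzbdplus"

# policy_decide [options] <initscript ID> <actions> [<runlevel>]
# Returns 0 (action allowed) or 101 (action forbidden by policy).
policy_decide() {
    # Skip leading options; refuse --list queries like the quoted script.
    while [ $# -gt 0 ]; do
        case "$1" in
            --list) return 101 ;;
            -*) shift ;;
            *) break ;;
        esac
    done
    # An ID and an action must remain; anything else is denied.
    [ $# -ge 2 ] || return 101
    id=$1
    # The ID is a bare init script name, so deny anything path-like.
    case "$id" in
        ""|*/*) return 101 ;;
    esac
    for ok in $ALLOWED; do
        [ "$id" = "$ok" ] && return 0
    done
    return 101   # default deny: no other daemon starts in the chroot
}

# verdict ARGS...: print the status policy_decide would exit with.
verdict() {
    rc=0
    policy_decide "$@" || rc=$?
    echo "$rc"
}

# Constructed invocations; the first is the one quoted in the thread.
for args in "x11-common stop unknown" \
            "--quiet sabnzbdplus start 2" \
            "--list sabnzbdplus" \
            "../sabnzbdplus start 2"; do
    # $args is left unquoted on purpose so it splits into arguments.
    echo "policy-rc.d $args -> $(verdict $args)"
done
```

To use it as the real script, drop the demo loop and end the file with: policy_decide "$@"; exit $?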

